Im not very skilled when it comes to Windows administration, so bear with me here. I am RDPing to a remote Windows Server 2008, my account is a member of the "Administrators" group, yet I cannot write to any folder. Oddly, I can changes the permissions and explicitly give my user permissions to read/write, then I can perform the write actions.

Should I not have these permissions as default as I am a member of the Admin group?

1 Answer
1

Be more specific when you say "Any folder". Obviously, you're writing to "C:\Users" or you wouldn't be able to have a profile and logon. What folder are you talking about? It sounds like you're having a "User Account Control" moment to me.

Edit:

Very good. Sorry to nitpick, but it's helpful to know the specific problem you're having.

Welcome to "User Account Control". The "C:\inetpub" folder is protected by default. You have a few choices:

Work with the files from an elevated process-- either from an elevated command-prompt, or an elevated instance of Windows Explorer. - Advantage: Seamless access to files and folders, no UAC prompts. Disadvantage: Rather a pain to start, UAC functionality lost and potential security risk.

Explicitly grant your user account access to the files. Disadvantage: You have to do it. UAC effectively disabled for that directory (potentially slight security risk, since a program you might run could modify c:\inetpub... files w/o asking for your consent).

Disable UAC. - Disadvantage: Potential security risk. You're back to running as an "Administrator" and any program you run can "own" the entire machine.

The "Advantage" to all of the above is seamless access to files and folders with no UAC prompts.

Ok, yeah so I can write to my C:\Users account. I am having issues with adding/amending files to C:\inetpub unless I explicitly give rights to the files. I have given myself rights to inetpub but if any new folders are uploaded I am unable to edit the files without giving explicit permissions again.
–
OwenJul 13 '09 at 12:15

Without been too lazy, do you think you could give me brief disadvantages to each approach (forgetting explicitly granting access) ?
–
OwenJul 13 '09 at 12:51